Question

Massachusetts General Hospital settles potential HIPAA violations
Large hospital system to improve policies and procedures safeguarding patient information

The General Hospital Corporation and Massachusetts General Physicians Organization Inc. (Mass General) has agreed to pay the U.S. government $1,000,000 to settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rule, the U.S. Department of Health and Human Services (HHS) announced today.

Mass General, one of the nation’s oldest and largest hospitals, signed a Resolution Agreement with HHS that requires it to develop and implement a comprehensive set of policies and procedures to safeguard the privacy of its patients. The settlement follows an extensive investigation by the HHS Office for Civil Rights (OCR), which enforces the HIPAA Privacy and Security Rules. The HIPAA Privacy Rule requires health plans, health care clearinghouses and most health care providers (covered entities) to protect the privacy of patient information through administrative, physical and technical safeguards at all times.

“We hope the health care industry will take a close look at this agreement and recognize that OCR is serious about HIPAA enforcement. It is a covered entity’s responsibility to protect its patients’ health information,” said OCR Director Georgina Verdugo.

The incident giving rise to the agreement involved the loss of protected health information (PHI) of 192 patients of Mass General’s Infectious Disease Associates outpatient practice, including patients with HIV/AIDS. OCR opened its investigation of Mass General after a complaint was filed by a patient whose PHI was lost on March 9, 2009. OCR’s investigation indicated that Mass General failed to implement reasonable, appropriate safeguards to protect the privacy of PHI when removed from Mass General’s premises and impermissibly disclosed PHI potentially violating provisions of the HIPAA Privacy Rule.

The impermissible disclosure of PHI involved the loss of documents consisting of a patient schedule containing names and medical record numbers for a group of 192 patients, and billing encounter forms containing the name, date of birth, medical record number, health insurer and policy number, diagnosis and name of providers for 66 of those patients. These documents were lost on March 9, 2009, when a Mass General employee, while commuting to work, left the documents on the subway train that were never recovered.

Mass General also agreed to enter into a Corrective Action Plan (CAP), which requires the hospital to:

  • Develop and implement a comprehensive set of policies and procedures that ensure PHI is protected when removed from Mass General’s premises;
  • Train workforce members on these policies and procedures; and
  • Designate the Director of Internal Audit Services of Partners HealthCare System Inc. to serve as an internal monitor who will conduct assessments of Mass General’s compliance with the CAP and render semi-annual reports to HHS for a 3-year period.

“To avoid enforcement penalties, covered entities must ensure they are always in compliance with the HIPAA Privacy and Security Rules,” said Verdugo. “A robust compliance program includes employee training, vigilant implementation of policies and procedures, regular internal audits, and a prompt action plan to respond to incidents.”

1. Summary Details of the Violation: (Include all pertinent information)
2. What part (or parts) of the HIPAA Law was violated?
3. Penalty Given:
4. What actions could have been taken to avoid the violation? (Be specific)
5. What steps will you take as a healthcare provider to avoid violations of the HIPAA Law? (Be specific)

Solutions

Expert Solution

  1. SUMMARY DETAILS OF VIOLATION: The incident includes the loss of protected health information (PHI) of 192 patients of Mass General’s Infectious Disease Associates outpatient practice, including patients with HIV/AIDS. These documents include a patient schedule containing names and medical record numbers for a group of 192 patients, and billing encounter forms containing the name, date of birth, medical record number, health insurer and policy number, diagnosis and name of providers for 66 of those patients. These documents were lost on March 9, 2009, when a Mass General employee, while commuting to work, left the documents on the subway train that were never recovered.
  2. The HIPAA Privacy Rule requires health plans, health care clearinghouses and most health care providers to protect the privacy of patient information through administrative, physical and technical safeguards at all times. Hence the employee of Mass General failed to implement reasonable, appropriate safeguards to protect the privacy of PHI, thus violating the privacy act of the HIPAA.
  3. A penalty of $1,000,000 to settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) has been given to the government by Mass General.
  4. Actions that are taken to avoid violation are: A Corrective Action Plan is made, which includes:
  • Develop and implement a comprehensive set of policies and procedures that ensure PHI is protected.
  • Train workforce members on these policies and procedures.
  • Designate the Director of Internal Audit Services of Partners HealthCare System Inc. to serve as an internal monitor who will conduct assessments of Mass General’s compliance with the CAP and render semi-annual reports to HHS for a 3-year period.

  5. To avoid the violation of the HIPAA Law, the following steps are taken as a health care provider:

  • Employee training.
  • Vigilant implementation of policies and procedures.
  • Regular internal audits.
  • Prompt action plan to respond to incidents.
